redline | ee41b1ba97889db2f9a6027234810a66ee037a741d4a71b8043a48c9e5e2dbe0 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

ee41b1ba97889db2f9a6027234810a66ee037a741d4a71b8043a48c9e5e2dbe0
Size

664KB
Sample

211125-sx4rhsffal
MD5

4b4c1366e8b51b6d382db6c6fa680821
SHA1

c4d2d071d5b113356f2cd146ee47abd0b0e20fa4
SHA256

ee41b1ba97889db2f9a6027234810a66ee037a741d4a71b8043a48c9e5e2dbe0
SHA512

b26ddf1d444c5aeefc5b578533bb0e32117b13e3a2117794f9ad26be7c2e3c2efeada6c24cba04fc6b0b5fc52704d1309344d2e2c14ed94e21eea70c75102ea3

Score

10^/10

redline 25.11 discovery infostealer spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

ee41b1ba97889db2f9a6027234810a66ee037a741d4a71b8043a48c9e5e2dbe0.exe

Resource

win10-en-20211104

redline 25.11 discovery infostealer spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

25.11

C2

185.215.113.17:7700

Targets

- Target
  
  ee41b1ba97889db2f9a6027234810a66ee037a741d4a71b8043a48c9e5e2dbe0
- Size
  
  664KB
- MD5
  
  4b4c1366e8b51b6d382db6c6fa680821
- SHA1
  
  c4d2d071d5b113356f2cd146ee47abd0b0e20fa4
- SHA256
  
  ee41b1ba97889db2f9a6027234810a66ee037a741d4a71b8043a48c9e5e2dbe0
- SHA512
  
  b26ddf1d444c5aeefc5b578533bb0e32117b13e3a2117794f9ad26be7c2e3c2efeada6c24cba04fc6b0b5fc52704d1309344d2e2c14ed94e21eea70c75102ea3
Score

10^/10

redline 25.11 discovery infostealer spyware stealer suricata
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
  suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
  suricata
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

redline25.11discoveryinfostealerspywarestealersuricata

© 2018-2024

Terms | Privacy